emotet

General

Target

e24f254f328850756305c4d8c0def3baa95aeee6565fe948633c9fb40e6e8305
Size

628KB
Sample

220731-lbtabshgb9
MD5

e2a091359986d48215d4e596aa881245
SHA1

5416f9f90afd51146ca67a21e8a77ad5c045ef52
SHA256

e24f254f328850756305c4d8c0def3baa95aeee6565fe948633c9fb40e6e8305
SHA512

12859cb04c22ebbcdd46f790ef9a11739156be28acc0d3444cc6c021e1365c154ee5d5143135d99fd6a8b6d7eafc07ff5c22f14e8e69f0014ec72e6bc88615d2

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

24.45.195.162:8443

186.4.172.5:20

185.94.252.13:443

46.105.131.87:80

69.164.201.54:8080

201.184.105.242:443

181.31.213.158:8080

80.11.163.139:21

104.236.246.93:8080

149.202.153.252:8080

212.71.234.16:8080

87.106.136.232:8080

138.201.140.110:8080

136.243.177.26:8080

198.199.114.69:8080

182.176.106.43:995

169.239.182.217:8080

27.147.163.188:8080

217.160.182.191:8080

80.11.163.139:443

rsa_pubkey.plain

Targets

- Target
  
  e24f254f328850756305c4d8c0def3baa95aeee6565fe948633c9fb40e6e8305
- Size
  
  628KB
- MD5
  
  e2a091359986d48215d4e596aa881245
- SHA1
  
  5416f9f90afd51146ca67a21e8a77ad5c045ef52
- SHA256
  
  e24f254f328850756305c4d8c0def3baa95aeee6565fe948633c9fb40e6e8305
- SHA512
  
  12859cb04c22ebbcdd46f790ef9a11739156be28acc0d3444cc6c021e1365c154ee5d5143135d99fd6a8b6d7eafc07ff5c22f14e8e69f0014ec72e6bc88615d2
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2